Gazelle STS

Introduction

A Security Token Service (STS) is a Web service that issues security tokens according to the WS-Security protocol. It is a standard component of a security infrastructure that enables actions such as authentication, identity validation or security token exchange.
The primary use of an STS is to acquire SAML tokens in order to request a service in a different security domain.

The security token issued by our STS is a SAML assertion carried in WS-Trust.
The Web Service Description Language (WSDL) that describes how to contact our Web service over SOAP, together with its XML Schema, is linked below.

HTTP authentication is required by this server. The password is connectathon and the username depends on the kind of assertion you expect (see table below). The default username is valid.

The animation hereunder explains the different steps when a requestor needs information from a service provider using an STS:

This STS is used as part of the Connectathons in NA and EU. Our X-Assertion Provider is configured with a certificate signed by the IHE Europe CA. It is available here. It is only configured to help you perform the XUA tests, and hence does not provide tokens for a different context. As a user of the service you must trust that certificate.

Issue Tracker

If you encounter any issue with this application, report it to our developer team!

A development team works every day to improve this application and fix reported issues. Reporting an issue is quick and easy, and it is the best way to get it fixed as soon as possible. You just need to create an account on our Issue Tracker (link below) and report the issue with its resolution priority.

Examples of common queries

Line breaks and whitespace must be stripped out of requests, otherwise the following requests will not work.
In SoapUI, the option Strip whitespaces = true must be set (Project > Test Suite > Test Case > Test Steps > any SOAP request > Properties).

Requesting a Security Token

To get a security token, a WS-Trust RequestSecurityToken request must be sent. If the policy permits, a response will be issued containing the token.

HTTP Authentication

HTTP Basic authentication with a username and a password is required to process the request. The password is connectathon and the username depends on the kind of assertion that you expect. In the following table, you will find all types of assertions Gazelle-STS is able to generate. For a default assertion, use the username "valid".

In the response from the web service, if everything worked fine, you should receive an assertion in the tag <saml:Assertion> ... </saml:Assertion> (the opening tag may look like <saml:Assertion ID="ID_420d4acb-a582-44ab-bba5-52514857c62f" IssueInstant="2015-03-16T16:05:57.406Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">).
The lifetime of a token is 2 hours.
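As an added illustration (not code from the Gazelle project), the following Python builds a whitespace-stripped WS-Trust Issue request, computes the HTTP Basic header for the "valid" user, and extracts the saml:Assertion and its lifetime from a constructed sample response. The SOAP 1.2 envelope shape, the AppliesTo address and the sample assertion ID are assumptions; the namespaces are the standard WS-Trust 1.3 and SAML 2.0 ones.

```python
import base64, re
import xml.etree.ElementTree as ET
from datetime import datetime
# Standard SOAP 1.2, WS-Trust 1.3 and SAML 2.0 namespaces (not Gazelle-specific).
NS = {"s": "http://www.w3.org/2003/05/soap-envelope",
      "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SAML2 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"

def strip_whitespace(xml_text):
    """Drop line breaks and whitespace between elements, as the STS requires."""
    return re.sub(r">\s+<", "><", xml_text).strip()

def build_issue_request(applies_to):
    """Minimal WS-Trust Issue RST for a SAML 2.0 token (assumed envelope shape)."""
    return strip_whitespace(f"""
      <s:Envelope xmlns:s="{NS['s']}"><s:Body>
        <wst:RequestSecurityToken xmlns:wst="{NS['wst']}">
          <wst:TokenType>{SAML2}</wst:TokenType>
          <wst:RequestType>{NS['wst']}/Issue</wst:RequestType>
          <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
            <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
              <wsa:Address>{applies_to}</wsa:Address>
            </wsa:EndpointReference></wsp:AppliesTo>
        </wst:RequestSecurityToken></s:Body></s:Envelope>""")

def basic_auth_header(username, password="connectathon"):
    """HTTP Basic credentials; the username selects the assertion type ('valid' = default)."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()

def extract_assertion(rstr_xml):
    """Return (ID, IssueInstant, lifetime) of the saml:Assertion in an RSTR, else None."""
    assertion = ET.fromstring(rstr_xml).find(".//saml:Assertion", NS)
    if assertion is None:
        return None  # no token issued (e.g. policy refused the request)
    cond = assertion.find("saml:Conditions", NS)
    ts = lambda v: datetime.fromisoformat(v.replace("Z", "+00:00"))
    lifetime = ts(cond.get("NotOnOrAfter")) - ts(cond.get("NotBefore"))
    return assertion.get("ID"), assertion.get("IssueInstant"), lifetime

# Constructed sample RSTR (not captured from Gazelle); the assertion ID is a placeholder.
SAMPLE_RSTR = strip_whitespace(f"""
  <s:Envelope xmlns:s="{NS['s']}"><s:Body>
    <wst:RequestSecurityTokenResponseCollection xmlns:wst="{NS['wst']}">
      <wst:RequestSecurityTokenResponse><wst:RequestedSecurityToken>
        <saml:Assertion xmlns:saml="{NS['saml']}" ID="ID_PLACEHOLDER-0001" IssueInstant="2015-03-16T16:05:57.406Z" Version="2.0">
          <saml:Conditions NotBefore="2015-03-16T16:05:57.406Z" NotOnOrAfter="2015-03-16T18:05:57.406Z"/></saml:Assertion>
      </wst:RequestedSecurityToken></wst:RequestSecurityTokenResponse>
    </wst:RequestSecurityTokenResponseCollection></s:Body></s:Envelope>""")
```

Send build_issue_request(...) as the POST body with the Authorization header to the WSDL endpoint linked above, then pass the raw response to extract_assertion; a lifetime other than 2 hours indicates the token was not issued by this STS as documented.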

Renew a Security Token

If your previous token expired, you can renew it and get the same token with new expiration semantics. HTTP authentication with a username and a password is required to process the request. Copy/paste the assertion obtained in the response to the Request Security Token step (Part 1 of this tutorial) into the indicated area in the following code. Don't forget to copy the information from the opening tag <saml:Assertion ... >.

In the response from the web service, if everything worked fine, you should receive a new assertion in the tag <saml:Assertion> ... </saml:Assertion> (the opening tag may look like <saml:Assertion ID="ID_420d4acb-a582-44ab-bba5-52514857c62f" IssueInstant="2015-03-16T16:05:57.406Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">).
The lifetime of the new token is 2 hours.

Cancel a Security Token

Not supported at this time.

Validate a Security Token

When you receive a security token from a requestor, you may have to validate the assertion. Any HTTP credentials can be used in this part; they have no influence on the result.

Note that Gazelle-STS will verify the signature, the trust chain and the time validity, but will not check specific IHE rules (or other standards' business rules). That is the responsibility of the service provider.

Copy/paste the assertion from the request into the indicated area in the following code. Don't forget to copy the information from the opening tag <saml:Assertion ... >.